Friday Mail Sack: Mothers day pfffft… when is son’s day?

Hi folks, Ned here again. It’s been a little while since the last sack, but I have a good excuse: I just finished writing a poop ton of Windows Server 2012 depth training that our support folks around the world will use to make your lives easier (someday). If I ever open MS Word again… Read more

Friday Mail Sack: It’s a Dog’s Life Edition

Hi folks, Ned here again with some possibly interesting, occasionally entertaining, and always unsolicited Friday mail sack. This week we talk some: DNS partition absence Controlling DCDIAG event messaging Inventorying SYSVOL replication architecture Weird WMI DFSR volume paths Tightening up your inactive user account queries More logon banner info Smart card logons working “too well“… Read more

Designing and Implementing a PKI: Part I Design and Planning

The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation Designing and Implementing a PKI: Part III Certificate Templates Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and Enabling Key Archival Designing and Implementing a PKI:… Read more

Implementing an OCSP Responder: Part VI Configuring Custom OCSP URIs via Group Policy

Chris here again. If you have read the previous five part of the series you are at this point very familiar with the installation and configuration of the OCSP Responder. I covered implementing the OCSP Responder to support a variety of scenarios. One thing I have not covered, however, is the configuration of the OCSP… Read more

Implementing an OCSP Responder: Part V High Availability

Chris Here Again. In the four previous parts of this series we covered the basics of OCSP, as well as the steps required to prepare the CA and implement the OCSP Responder. In this section I would like to talk about how to implement a High Availability OCSP Configuration. There are two major pieces in… Read more

Implementing an OCSP responder: Part IV – Configuring OCSP for use with Standalone CAs

Chris here again. In part I of this series we covered the basics of how OCSP works. We also covered the underlying reasons for deploying an OCSP Responder. In Part II we covered configuring the Certificate Authorities for whom which the OCSP Responder will check revocation status for on behalf of the clients. In Part… Read more

Implementing an OCSP responder: Part III – Configuring OCSP for use with Enterprise CAs

Chris here again. As promised I will be covering configuring an OCSP Responder to support Enterprise CA. I will also be covering validating your OCSP Configuration. Installing OCSP Responder Role The first step is to install the OCSP Responder Role. To install the OCSP Responder: Open a command prompt and type: servermanagercmd.exe –install ADCS-Online-Cert. Configuring… Read more

Implementing an OCSP responder: Part II – Preparing Certificate Authorities

Chris here again. In Part I we covered some of the basics and background information on the reason for the OCSP Responder and a basic understanding of how the OCSP Responder functions. So now we look towards implementing the OCSP Responder. However, before we move forward with the Install of the OCSP Responder we must… Read more

Implementing an OCSP responder: Part I – Introducing OCSP

The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Designing and Implementing a PKI: Part III Certificate Templates Chris here again. For those Security Architects and PKI implementers, you may have known that since Windows Server 2008 we have an Online Certificate Status Protocol (OCSP)… Read more